1

Scenario: Computer A has a local IP of 192.168.1.100, and is running a VM inside of it. The VM now makes a TCP request to an external IP address (74.125.225.98).

Could someone explain how the request is routed both to the remote ip and then back to the VM?

From my understanding, the VM wraps this request in an IP packet with the destination IP, which is then wrapped again inside an Ethernet frame with its own unique (probably fake) MAC address. The router then replaces the VM's IP and MAC with its own, and sets the destination MAC to the ISP's router.

My main confusion is, when the TCP response is created and sent back to the VM... since the VM is running inside computer A, how would the router run an ARP request to get the VM's MAC address?

Thanks for the help :)

EDIT:

Found the following video which helped explain NAT: https://www.youtube.com/watch?v=01ajHxPLxAw

Obto

2 Answers

3

If you're looking for the short answer, it (the router/firewall) already knows all it needs to for the TCP "response" from the session table and routing table.

A generic example would look like:

[image: a generic session table / routing table example, not reproduced here]

If it needs to, the router can run an ARP request same as it would anytime it needs to do a MAC address lookup. But it would typically be for local devices, meaning based on the subnet it might end up simply routing the packets layer 3 instead to another device.

A more complex answer would involve knowing HOW the VM is on the network (bridged/NAT/etc.) as well as the complexity of the network, etc. which is going to be a book answer and drinking from the firehose, to be honest.

TheCleaner
  • TBH I'd love to learn a bit more, so if you could point me in the direction where I could, that'd be great :) Because the part I'm still confused about... is if the router replaces the information about the MAC addresses etc. of the VM when it "forwards on" the request, how does it know where to send the response? Does it log anything about the request? – Obto Dec 11 '14 at 15:05
  • Just found this video: https://www.youtube.com/watch?v=01ajHxPLxAw . So would the router actually log the MAC address in this translation table? Or does the VM work with Comp A to preset the source port (pre router), so when we later get a request to that port, Computer A forwards it to the VM? – Obto Dec 11 '14 at 15:32
  • The router would log the MAC address in its ARP cache if it is local to the router, otherwise a downstream switch from the router would keep the ARP entry. – TheCleaner Dec 11 '14 at 20:19
  • Source port is just an ephemeral port used (http://en.wikipedia.org/wiki/Ephemeral_port)...it is set by the VM. If the VM is in NAT mode then the host would act like a NAT firewall/router and act in essence the same as the network NAT router. – TheCleaner Dec 11 '14 at 20:21
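The session-table behaviour described in this answer and its comments, as an added example that is not part of the original post: a toy NAT router keeps a translation table keyed by the outbound flow, matches the reply against it to restore the private destination, and then consults its ARP cache for the inside host's MAC. Two instances are chained so that the VM's host (computer A) acts as a NAT router of its own, as the last comment describes, in front of the network's NAT router. The VM's private address 10.0.2.15, the public address 203.0.113.5, the MAC address and all ports are constructed values.

```python
# Added example (not from the answers above): a toy NAT router with a session
# table and an ARP cache, chained twice so that the VM host acts as its own NAT
# router in front of the network's NAT router. All addresses are constructed.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Source NAT: rewrites the private source of outbound flows to the router's
    public address plus a unique port, and undoes it for matching replies."""

    def __init__(self, public_ip, first_port):
        self.public_ip = public_ip
        self.next_port = first_port
        # session table: (private_ip, private_port, remote_ip, remote_port) -> public port
        self.sessions = {}
        # reverse index used for replies: (public_port, remote_ip, remote_port) -> private endpoint
        self.reverse = {}
        # ARP cache of the inside interface: IP -> MAC, learned from ARP replies
        self.arp_cache = {}

    def learn_arp(self, ip, mac):
        self.arp_cache[ip] = mac

    def outbound(self, pkt):
        """Translate a packet leaving the private side; allocate a session if it is new."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.sessions.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.sessions[key] = port
            self.reverse[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt):
        """Match a reply against the session table and restore the private destination.
        Returns (packet, next_hop_mac); next_hop_mac is None when the router would
        first have to send an ARP request. Packets without a session are dropped
        and come back as (None, None)."""
        if pkt.dst_ip != self.public_ip:
            return None, None
        entry = self.reverse.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None, None
        priv_ip, priv_port = entry
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port), self.arp_cache.get(priv_ip)


def run_round_trip():
    """Drive one TCP request and its response through host NAT and network NAT.
    Returns the packet as seen at each hop plus the MAC the network router
    resolved for the return frame."""
    vm_host = NatRouter(public_ip="192.168.1.100", first_port=40000)  # computer A
    edge = NatRouter(public_ip="203.0.113.5", first_port=60000)       # network NAT router (constructed public IP)
    edge.learn_arp("192.168.1.100", "02:00:00:00:00:aa")              # computer A's MAC (constructed)

    # A VM in NAT mode has a private address that only its host knows (constructed)
    request = Packet("10.0.2.15", 51000, "74.125.225.98", 443)
    on_lan = vm_host.outbound(request)    # the network router only ever sees computer A
    on_internet = edge.outbound(on_lan)

    # The server answers whatever it saw as the source address and port
    reply = Packet(on_internet.dst_ip, on_internet.dst_port, on_internet.src_ip, on_internet.src_port)
    back_on_lan, mac = edge.inbound(reply)
    back_in_vm, _ = vm_host.inbound(back_on_lan)

    # Unsolicited traffic to the same public port has no session and is dropped
    stray, _ = edge.inbound(Packet("198.51.100.9", 443, "203.0.113.5", 60000))
    return {
        "on_lan": on_lan,
        "on_internet": on_internet,
        "back_on_lan": back_on_lan,
        "next_hop_mac": mac,
        "back_in_vm": back_in_vm,
        "stray_dropped": stray is None,
    }


if __name__ == "__main__":
    for hop, value in run_round_trip().items():
        print(hop, value)
```

The point the model makes explicit is that nothing about the VM's MAC ever reaches the network router: the reply is matched purely on addresses and ports in the session table, and the only MAC the router resolves is computer A's. The same lookup-or-drop logic is what lets a NAT router double as a stateful firewall for unsolicited inbound packets.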
2

There are two methods that can be used to handle ARP traffic when NAT is not used.

  • The traffic can be bridged, and the VM will receive and respond to the ARP request on its own.
  • The traffic can be routed, and the VM's host responds with a ProxyARP response.

It is also common to use NAT for a VM. In this case the source address (and possibly port) is changed when packets are routed by the VM's host to the external world. Responses have the destination changed to the original destination.

BillThor
  • So in case of a bridged connection... computer A allows the VM to say "hey, that's me!" to the ARP request, right? In that case, though... wouldn't the router receive two responses? One from computer A and one from the VM? – Obto Dec 11 '14 at 15:11
  • @Obto No. In a bridged configuration, the VM host is acting like a switch. It sees that the incoming frame destination MAC doesn't match the physical adapter so it forwards the frame on to the appropriate VM. The host stack doesn't respond. – nobody Dec 11 '14 at 17:41
  • Ah, so during NAT the router does "cache" the MAC of the VM then? – Obto Dec 11 '14 at 19:35
  • @Obto In NAT the external connection is between the VM container, not the VM itself. The relevant MAC address is the MAC belonging to the external interface of the VM container. The VM container will know the MAC of the VM and forward accordingly. – BillThor Dec 12 '14 at 00:38
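The bridged case from this answer's first bullet and the comment about the host acting like a switch, as an added example that is not part of the original post: the host's virtual switch forwards frames by destination MAC and learns where each MAC lives, so a broadcast ARP request reaches both the host stack and the VM but only the owner of the queried IP answers, and a later unicast frame to the VM's MAC is delivered to the VM port alone. The VM's bridged address 192.168.1.101 and all MAC addresses are constructed values.

```python
# Added example (not from the answer or comments above): a toy model of a bridged
# VM, where the host's virtual switch forwards frames by destination MAC and the
# VM answers ARP for its own IP. All addresses are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Endpoint:
    """An IP stack behind one switch port: the host's own stack or a VM."""

    def __init__(self, name, mac, ip):
        self.name, self.mac, self.ip = name, mac, ip
        self.received = []  # every frame this stack was handed

    def receive(self, frame):
        """Handle a frame; return a reply frame or None."""
        self.received.append(frame)
        if frame["type"] == "arp_request" and frame["target_ip"] == self.ip:
            # only the owner of the IP answers, even though the request is broadcast
            return {"type": "arp_reply", "src_mac": self.mac,
                    "dst_mac": frame["src_mac"], "sender_ip": self.ip}
        return None


class VirtualSwitch:
    """Forwards by destination MAC and learns source MACs per port as replies pass."""

    def __init__(self, endpoints):
        self.endpoints = endpoints
        self.fdb = {}  # forwarding table: MAC -> endpoint

    def forward(self, frame):
        """Deliver a frame arriving from the physical NIC; return any replies."""
        dst = frame["dst_mac"]
        if dst == BROADCAST:
            targets = list(self.endpoints)
        elif dst in self.fdb:
            targets = [self.fdb[dst]]       # known unicast: one port only
        else:
            targets = list(self.endpoints)  # unknown unicast is flooded
        replies = []
        for ep in targets:
            reply = ep.receive(frame)
            if reply is not None:
                self.fdb[reply["src_mac"]] = ep  # learn which port owns that MAC
                replies.append(reply)
        return replies


def run_bridged_demo():
    """ARP for the VM, then a unicast reply to the VM's MAC; report who saw what."""
    host = Endpoint("computer A", "02:00:00:00:00:aa", "192.168.1.100")
    vm = Endpoint("VM", "02:00:00:00:00:bb", "192.168.1.101")
    switch = VirtualSwitch([host, vm])
    router_mac = "02:00:00:00:00:01"

    # The router ARPs for the VM's address: the broadcast reaches both stacks,
    # but only the VM replies, so the router gets exactly one answer
    arp_replies = switch.forward({"type": "arp_request", "src_mac": router_mac,
                                  "dst_mac": BROADCAST, "target_ip": vm.ip})

    # The TCP response is framed to the VM's MAC and lands on the VM port only
    before = (len(host.received), len(vm.received))
    switch.forward({"type": "ip", "src_mac": router_mac, "dst_mac": vm.mac,
                    "payload": "TCP response"})
    after = (len(host.received), len(vm.received))
    return {
        "arp_replies": arp_replies,
        "host_got_data": after[0] - before[0],
        "vm_got_data": after[1] - before[1],
        "fdb_has_vm": switch.fdb.get(vm.mac) is vm,
    }


if __name__ == "__main__":
    for key, value in run_bridged_demo().items():
        print(key, value)
```

The host stack is one more port on the switch, not a participant in the VM's conversation, which is why there is no second ARP reply. The forwarding table is also the reason a real switch downstream of the router can hold the VM's MAC while the router itself only keeps the IP-to-MAC entry in its ARP cache.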